diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 3c477c556..69734ab8b 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -86,6 +86,8 @@ class LoginController extends AbstractLoginController
 $this->auth->guard()->login($user, true);
+ $request->session()->regenerate();
+
 return $this->sendLoginResponse($user, $request);
 }
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 622a8324d..4c9881949 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -11,7 +11,6 @@ use Pterodactyl\Http\Middleware\EncryptCookies;
 use Pterodactyl\Http\Middleware\Api\IsValidJson;
 use Pterodactyl\Http\Middleware\VerifyCsrfToken;
 use Pterodactyl\Http\Middleware\VerifyReCaptcha;
-use Pterodactyl\Http\Middleware\AdminAuthenticate;
 use Illuminate\Routing\Middleware\ThrottleRequests;
 use Pterodactyl\Http\Middleware\LanguageMiddleware;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
@@ -65,9 +64,9 @@ class Kernel extends HttpKernel
 RequireTwoFactorAuthentication::class,
 ],
 'api' => [
- IsValidJson::class,
 EnsureStatefulRequests::class,
 'auth:sanctum',
+ IsValidJson::class,
 RequireTwoFactorAuthentication::class,
 AuthenticateIPAccess::class,
 ],
@@ -93,7 +92,6 @@ class Kernel extends HttpKernel
 'auth' => Authenticate::class,
 'auth.basic' => AuthenticateWithBasicAuth::class,
 'guest' => RedirectIfAuthenticated::class,
- 'admin' => AdminAuthenticate::class,
 'csrf' => VerifyCsrfToken::class,
 'throttle' => ThrottleRequests::class,
 'can' => Authorize::class,
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
deleted file mode 100644
index f95180b20..000000000
--- a/app/Http/Middleware/Authenticate.php
+++ /dev/null
@@ -1,26 +0,0 @@
-user()) {
- throw new AuthenticationException();
- }
-
- return $next($request);
- }
- }
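Review bot: The new `$request->session()->regenerate()` call is the session-fixation guard for this login path, but nothing says so; a one-line comment above it, `// Rotate the session ID after authentication so a pre-login session ID cannot be reused.`, would keep it from being removed as redundant. Because `regenerate()` also rotates the CSRF token, any form or XHR still holding the pre-login token must refresh it after this response, which is worth stating in the same comment. If the two-factor checkpoint flow signs the user in through a separate controller, it presumably needs the same rotation; that is not in this diff and should be confirmed. The enclosing method begins outside the hunk.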
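Review bot: Moving `IsValidJson::class` below `'auth:sanctum'` in the `'api'` group changes what an unauthenticated client with a malformed body receives (an authentication failure instead of the JSON-validation response), which looks intentional but is undocumented and easy to "fix" back. A comment on the moved line such as `// Runs after auth:sanctum so request bodies are only parsed for authenticated callers.` would record the reason. This applies to the second Kernel.php hunk; the first hunk only drops the now-unused `AdminAuthenticate` import.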
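Review bot: `'auth' => Authenticate::class` stays in the route-middleware map while `app/Http/Middleware/Authenticate.php` is deleted in this same commit, and no change to the Kernel's `use` line for `Authenticate` is shown in any hunk. If that import still targets the Pterodactyl namespace, every `auth` route would fail with an unresolved class at request time; presumably the Kernel already imports the framework middleware, but the import list is cut off above the first hunk, so that should be confirmed. Removing the `'admin'` alias is consistent with the RouteServiceProvider change that references `AdminAuthenticate::class` directly.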
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 428b9512a..2177eb916 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -8,6 +8,7 @@ use Illuminate\Support\Facades\Route;
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Support\Facades\RateLimiter;
 use Pterodactyl\Http\Middleware\TrimStrings;
+use Pterodactyl\Http\Middleware\AdminAuthenticate;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
 class RouteServiceProvider extends ServiceProvider
@@ -33,10 +34,10 @@ class RouteServiceProvider extends ServiceProvider
 Route::model('database', Database::class);
 $this->routes(function () {
- Route::middleware(['web', 'csrf'])->group(function () {
+ Route::middleware('web')->group(function () {
 Route::middleware('auth')->group(base_path('routes/base.php'));
 Route::middleware('guest')->prefix('/auth')->group(base_path('routes/auth.php'));
- Route::middleware(['auth', 'admin'])->prefix('/admin')->group(base_path('routes/admin.php'));
+ Route::middleware(['auth', AdminAuthenticate::class])->prefix('/admin')->group(base_path('routes/admin.php'));
 });
 Route::middleware('api')->group(function () {
diff --git a/resources/scripts/api/http.ts b/resources/scripts/api/http.ts
index cf1514274..78aa393ee 100644
--- a/resources/scripts/api/http.ts
+++ b/resources/scripts/api/http.ts
@@ -11,18 +11,6 @@ const http: AxiosInstance = axios.create({
 },
 });
-http.interceptors.request.use(req => {
- const cookies = document.cookie.split(';').reduce((obj, val) => {
- const [ key, value ] = val.trim().split('=').map(decodeURIComponent);
-
- return { ...obj, [key]: value };
- }, {} as Record);
-
- req.headers['X-XSRF-TOKEN'] = cookies['XSRF-TOKEN'] || 'nil';
-
- return req;
-});
-
 http.interceptors.request.use(req => {
 if (!req.url?.endsWith('/resources')) {
 store.getActions().progress.startContinuous();
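Review bot: Dropping `'csrf'` from the group at `Route::middleware('web')` means CSRF verification for the base, auth and admin routes now rests entirely on `VerifyCsrfToken` being a member of the `web` middleware group; the Kernel.php hunks in this diff show only the tail of that group, so that membership is not visible here and should be confirmed before merging. A comment on the changed line, `// CSRF verification is provided by VerifyCsrfToken inside the 'web' group.`, would record the dependency. The first hunk of this file only adds the `AdminAuthenticate` import and needs no review.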
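Review bot: With the hand-rolled cookie parser removed, the `X-XSRF-TOKEN` header now comes from axios's built-in `xsrfCookieName`/`xsrfHeaderName` handling, which only attaches the header for same-origin requests (or where `withCredentials` is configured); the `axios.create` options sit above the hunk, so that should be confirmed rather than assumed. The `'nil'` fallback is also gone, so a request issued before the `XSRF-TOKEN` cookie exists simply omits the header and is left to the server's CSRF check. A short comment above the remaining interceptor, `// X-XSRF-TOKEN is attached by axios from the XSRF-TOKEN cookie; no manual interceptor needed.`, would stop the next reader from re-adding it.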
diff --git a/tests/Unit/Http/Middleware/AuthenticateTest.php b/tests/Unit/Http/Middleware/AuthenticateTest.php
deleted file mode 100644
index 828afc122..000000000
--- a/tests/Unit/Http/Middleware/AuthenticateTest.php
+++ /dev/null
@@ -1,39 +0,0 @@
-request->shouldReceive('user')->withNoArgs()->once()->andReturn(true);
-
- $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
- }
-
- /**
- * Test that a logged out user results in an exception.
- */
- public function testLoggedOutUser()
- {
- $this->expectException(AuthenticationException::class);
-
- $this->request->shouldReceive('user')->withNoArgs()->once()->andReturnNull();
-
- $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
- }
-
- /**
- * Return an instance of the middleware using mocked dependencies.
- */
- private function getMiddleware(): Authenticate
- {
- return new Authenticate();
- }
-}